CSE 331: Introduction to Networks and Security Slide Set 6 Fall 2000 Instructor: Carl A. Gunter
Recommended Reading (Reminder) • Computer Networks, A Systems Approach. Second Edition. Larry L. Peterson and Bruce S. Davie. Morgan Kaufmann 2000. • Handbook of Applied Cryptography. Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. CRC 1997. • Secure Electronic Commerce. Warwick Ford and Michael S. Baum. Prentice Hall 1996. • Network Security Essentials: Applications and Standards. William Stallings. Prentice Hall 2000.
Reading for Fun • Cryptonomicon, Neal Stephenson, HarperPerennial Library, 2000. • The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, Clifford Stoll, Pocket Books, 1995. • The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet, Second Edition, D. Kahn, Scribner, 1996. • Internet Besieged: Countering Cyberspace Scofflaws, D. E. Denning and D. J. Denning, Addison Wesley, 1997.
Introduction to Security (diagram) • Goals: availability, integrity, confidentiality • Targets: hardware, software, data • Controls: physical security, limited interface, identification and authorization, encryption • Analysis of costs and benefits
Progress and Risk • Security-critical considerations • Credit card purchases on the web • Voting on the web • Banking on the web • Mobile agents and active networks • Safety and security considerations • Military systems, e.g. Star Wars • Actuators on public networks
Security Requirements • Banking • Government • Public Telecommunications Carriers • Corporate / Private Networks • Electronic Commerce
Banking • Electronic Funds Transfer (EFT) • Prosecution of fraud problematic • Financial system overall at risk • Automated Teller Machine (ATM)
Automatic Teller Machines • Goals • Availability: Provide automated teller operations 24x7 in convenient locations • Integrity: Authorized users only, transactional guarantees • Confidentiality: Private communication with branches or center • Vulnerabilities and controls • Risk analysis and liabilities
Government • National security of course, but also • “Unclassified but sensitive information” must not be disclosed • Example: social security web page • Electronic signatures approved for government contractors
Public Telecom Carriers • Operations, Administration, Maintenance, and Provisioning (OAM&P) • Customer network management complexities • Theft by hackers • Unauthorized eavesdropping • Availability is a key concern • Significant insider risks
Corporate Private Networks • Completely private networks are becoming a thing of the past because of telecommuting. • Protection of proprietary information of course, but also concerns like privacy in the health care industry. • Foreign government threat?
Electronic Commerce • Electronic Data Interchange (EDI) • Electronic contracts need to be binding • ABA Resolution: “recognize that information in electronic form, where appropriate, may be considered to satisfy legal requirements regarding a writing or signature to the same extent as information on paper or in other conventional forms, when appropriate security techniques, practices, and procedures have been adopted.”
Three Scenarios • Vera buys a lathe. • Inter-corporate trading. • Nola’s electronic market.
Vera Buys a Lathe • Vera, owner of Vera’s Manufacturing, shops for a lathe on the internet using WWW. • She finds the desired product from Danielle’s Machine Makers and makes the order using a web form provided by Danielle’s. • Danielle’s confirms that the order really comes from Vera’s manufacturing.
Vera Pays for the Lathe • She sends her credit card number, suitably encrypted. • She sends an EDI payment order remittance advice transaction set instructing Vera’s bank to credit Danielle’s bank account. • She uses an online payment mechanism like a credit-card based payment protocol or electronic check. • The lathe is delivered through the usual distribution channels.
Inter-Corporate Trading • Danielle’s Machine Makers is a medium-sized company in Canada with long-established requirements for high-grade steel which it buys from Steelcorp. • Steelcorp aims to reduce costs of customer transactions by using secure messaging with its regular customers. • Origin and confidentiality of all correspondence must be ensured.
Nola’s Electronic Market • Nola is an entrepreneurial small businessperson who works from her home basement. • She buys items from suppliers willing to do business wholly electronically and sells them through a WWW storefront. • Effective marketing of the web page and very low overhead provide Nola’s competitive edge.
Legal Support Mostly by analogy with other commerce rules, but there are challenges. • How to satisfy traditional legal requirements for reduction of agreements to signed writings. • How to apply rules of evidence. • Interpreting, adapting, and complying with existing legal standards for electronic transactions.
Goals of Security (diagram): confidentiality, integrity, and availability of DATA
Safety and Security • Many things in common and some major differences. • Some similarities aid understanding of both. • System vs. Environment. • Accident, breach. • Hazard, vulnerability.
System vs. Environment (Safety) (diagram: the System within its Environment)
System vs. Environment (Security) (diagram: the System within its Environment)
Accident and Security Breach • Accident • Loss of life • Injury • Damage to property • Security Breach • Secret is revealed • Service is disabled • Data is altered • Messages are fabricated
Accident Definition • An accident is an undesired and unplanned (but not necessarily unexpected) event that results in (at least) a specified level of harm. • Define breach similarly. • A security threat is a possible form of breach.
Hazards and Vulnerabilities • Hazard • No fire alarms • No fire extinguishers • Rags close to furnace • Vulnerability • Password too short • Secret sent in plaintext over public network • Files not write protected
Hazard Definition • A hazard is a state or set of conditions of a system that, together with other conditions in the environment of the system, will lead inevitably to an accident. • Define security vulnerability similarly.
Other Terms • Asset: object of value. • Exposure: threat to an asset. • Attack: effort by an agent to exploit a vulnerability and create a breach.
Major Threats • Interruption • Interception • Modification • Fabrication
Major Assets • Hardware • Software • Data
Threats to Hardware • Interruption: crash, performance degradation • Interception: theft • Modification: tapping • Fabrication: spoofed devices
Threats to Software Code • Interruption: deletion, reset protection • Interception: theft • Modification • Trojan horse • Logic bomb • Virus • Trap door • Information leak • Fabrication: spoofing software distribution on the web
Threats to Software Processes • Interruption: bad inputs • Interception: attacks on agents • Modification: of exploited data • Fabrication: service spoofing (man-in-the-middle)
Threats to Data • Interruption: deletion, perceived integrity violation • Interception: eavesdropping, snooping memory • Modification: alteration of key information • Fabrication: spoofing web pages
Principles of Security • Easiest Penetration: An intruder must be expected to use any available means of penetration. This is not necessarily the most obvious means, nor is it necessarily the one against which the most solid defense has been installed.
Principles of Security, cont. • Adequate Protection: Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value.
Principles of Security, cont. • Effectiveness: Controls must be used to be effective. They must be efficient, easy to use, and appropriate.
Controls • Physical security • Limited interface • Identification and authorization • Encryption
Breakdown of S/W Controls • Program controls • as exercised by the programmer • as dictated by the programming language or programming environment • Operating system controls • Development process controls
Basic Encryption • Monoalphabetic substitution ciphers • Polyalphabetic substitution ciphers • Transposition ciphers • Fractionated Morse • Stream versus block ciphers • Desired properties of ciphers
Circumstances (diagram): Sender (S), Transmission Medium (T), Receiver (R), Interceptor (O)
What Can O Do to a Message? • Block it (availability) • Intercept it (confidentiality) • Modify it (integrity) • Fabricate another (integrity)
Terminology • Encryption / Decryption • Encode / Decode • Plaintext / Ciphertext • Cryptography: hidden writing. • Cryptanalysis: uncovering what is hidden.
Monoalphabetic Substitution • Substitute one letter for another • Creates “confusion”
Keyless Encryption • C = E(P) and P = D(C) • P = D(E(P)) • Transmit E(P), receiver applies D. • Select D and E so that • Without knowing D or E it is hard to discover P from E(P). • It is feasible to know and apply D and E.
Caesar Cipher (Original) • E(p) = p + 3 (mod 26) • D(p) = p - 3 (mod 26) • Easy to recall and calculate D and E. Create a table:

Plaintext:  T R E A T Y   I M P O S S I B L E
Ciphertext: w u h d w b   l p s r v v l e o h

Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: d e f g h i j k l m n o p q r s t u v w x y z a b c
Encryption Strategy: Confusion • The Caesar cipher confuses the letters of the alphabet, causing the result to look like gibberish. • As we applied it in the previous example, a space is interpreted as a space, providing no confusion. • Note: changing one letter of plaintext changes exactly one letter of ciphertext.
Algorithm vs. Key • Moreover: • It is hard to keep D and E secret if they are much used, and • Cryptanalysis is possible. • To address the first of these problems assume: algorithm is known, but key is not known.
Encryption with a Key • Symmetric key • C = E(K, P) • P = D(K, C) • P = D(K, E(K, P)) • Asymmetric key • C = E(Kpublic, P) • P = D(Kprivate, C) • P = D(Kprivate, E(Kpublic, P))
Permutation • Generalize Caesar cipher to allow other ways to permute the alphabet. • What is now called a Caesar cipher is any choice of an offset: () = (n + ) (mod 26). The number n is the key. • Generalize further: use any permutation as a key. • To encode, apply the key to each letter. • To decode, apply the inverse of the key to each letter.
Sample Permutations • Example: a passphrase like “this is a long key” can be a key. • Example: take every third letter. • () = (3 * ) (mod 26)

Passphrase key “this is a long key”:
Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: t h i s a l o n g k e y b c d f j m p q r u v w x z

Every third letter:
Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: a d g j m p s v y b e h k n q t w z c f i l o r u x
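As an added example (not from the slides), the monoalphabetic substitution ciphers of the Caesar and Permutation slides in Python: the Caesar offset key, the passphrase key, and the "every third letter" key, each applied with its inverse. Function names are my own; the check that the multiplier is coprime to 26 is an added caveat, since otherwise the map is not a permutation and cannot be inverted.

```python
import string
from math import gcd

ALPHABET = string.ascii_lowercase

def caesar_key(n):
    """Caesar cipher with offset n: the letter at position i maps to (i + n) mod 26."""
    return "".join(ALPHABET[(i + n) % 26] for i in range(26))

def multiplier_key(m):
    """'Take every m-th letter': position i maps to (m * i) mod 26.
    Added check: this is a permutation only when gcd(m, 26) == 1; m = 2
    would send both A and N to a, so the key could not be inverted."""
    if gcd(m, 26) != 1:
        raise ValueError(f"multiplier {m} does not permute the alphabet")
    return "".join(ALPHABET[(m * i) % 26] for i in range(26))

def passphrase_key(phrase):
    """Keyed alphabet: distinct letters of the phrase in order of first
    appearance, followed by the letters the phrase does not use."""
    used = []
    for ch in phrase.lower():
        if ch in ALPHABET and ch not in used:
            used.append(ch)
    return "".join(used) + "".join(c for c in ALPHABET if c not in used)

def invert(key):
    """Inverse permutation: if the key sends A to x, the inverse sends x to A."""
    inverse = [""] * 26
    for i, c in enumerate(key):
        inverse[ALPHABET.index(c)] = ALPHABET[i]
    return "".join(inverse)

def encrypt(key, plaintext):
    """Apply the key letter by letter; non-letters such as spaces pass through
    unchanged, as on the slides. Ciphertext is written in lowercase."""
    return plaintext.lower().translate(str.maketrans(ALPHABET, key))

def decrypt(key, ciphertext):
    """Apply the inverse permutation; plaintext is written back in uppercase."""
    return ciphertext.lower().translate(str.maketrans(ALPHABET, invert(key))).upper()

def changed_positions(a, b):
    """Count positions where two strings differ: in any monoalphabetic cipher
    one changed plaintext letter changes exactly one ciphertext letter."""
    return sum(x != y for x, y in zip(a, b))
```

With caesar_key(3), encrypt("TREATY IMPOSSIBLE") reproduces the slide's "wuhdwb lpsrvvleoh", and the inverse of caesar_key(3) is caesar_key(23).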